Secure Boot and CA Rollover - a heads-up for distributions
Summary
The article explains an imminent CA rollover for Microsoft UEFI Secure Boot roots, highlighting that old certificates expire and new CAs were introduced in 2023. It urges distributions to prepare new shim builds signed with the new CA, consider dual-signing for broad compatibility, and communicate urgency to users. Practical guidance and resources are provided for Debian and other distros to navigate the transition.